Check Point has published Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight, revealing that a phishing campaign that has run for more than a year and a half inadvertently exposed its payload of stolen credentials. Cybersecurity experts offer perspective.
<p>While specific details are scant, it would appear the laptops in question are refurbished, which increases the chances of viruses or malware being present from the previous owners. Getting to the bottom of where the worm originated is highly unlikely. The good news is the Department of Education doesn’t believe it is a widespread problem, which eliminates it being part of a malicious attempt to spy on school students or disrupt the education process. The safest way to ensure students received a bug-free laptop would have been to wipe the hard drives, essentially starting from scratch by removing existing files and doing a complete reinstall on every machine. However, this requires time, money and patience. To reduce the overall risk to students, the Department of Education should be putting security parameters in place to prevent them from downloading games, other apps and other unnecessary programs that could come from untrustworthy websites and sources and be laced with viruses or malware.</p>
<p>There are many local and national schemes which have been implemented to try and provide devices for school children in an attempt to keep as many as possible engaged in some form of education during school closures and lockdown measures. Whilst it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families. The potential for malicious software to be used against recipients is not limited to the children for whom the devices are intended, as access to the internet will no doubt be useful for other family and friends outside of school hours. I would highly recommend that anyone distributing devices include some information about online safety. The National Cyber Security Centre offer free advice on secure home working and the use of online conferencing services such as Zoom and Teams.</p>
<p>If anyone is in doubt about the safety and security of devices provided for educational purposes, they should contact the Department for Education IT team for advice before distribution.</p>
<p>It’s interesting that they are targeting construction – that’s an industry that hasn’t received as much attention from attackers as other sectors. Usually, attackers are focused on healthcare, finance, energy, and retail – but those industries have certainly increased their investments in cybersecurity training over the last two years, so these attackers cleverly shifted to construction, where every initiative involves tens of millions or often hundreds of millions of dollars, and deadlines and regulatory requirements must be strictly adhered to.</p>
<p>The attack approach was also clever: a fake login that already self-populates, so that most people wouldn’t be suspicious of the possibility of a phishing attack. Usually, when something self-populates it’s viewed as legit and trusted. That’s why this campaign went undetected so often. They were clever but not clever enough, since they forgot to close their own server down and, as a result, blew their chance to monetize their loot.</p>
<p>We need to understand that these phishing attacks are getting more and more realistic, and the public needs to know that if they don’t consider their sector a target, it’s a very safe bet that it actually is.</p>
<p>The report of malicious actors having their stolen user IDs and passwords revealed by a simple Google search is Karma in action. It shows that attackers are susceptible to the same sort of simple configuration errors that many of them leverage against their targets. But this case also shows that attackers can operate phishing schemes successfully for many months before they’re exposed.</p>
<p>Sadly, users often remain the weakest link in the security chain. While user education can help, organizations still need to maintain strong perimeter and interior defenses, including multi-factor authentication and security analytics, to resist intrusions when credentials are stolen through clever phishing or social engineering attacks.</p>